2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->le_scan_type = LE_SCAN_PASSIVE;
204 hdev->ssp_debug_mode = 0;
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209 __u8 status = *((__u8 *) skb->data);
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
225 hci_dev_unlock(hdev);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
267 __u8 status = *((__u8 *) skb->data);
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 __u8 param = *((__u8 *) sent);
280 set_bit(HCI_ENCRYPT, &hdev->flags);
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 /* We need to ensure that we set this back on if someone changed
309 * the scan mode through a raw HCI socket.
311 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
319 mgmt_discoverable(hdev, 1);
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343 memcpy(hdev->dev_class, rp->dev_class, 3);
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 __u8 status = *((__u8 *) skb->data);
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 memcpy(hdev->dev_class, sent, 3);
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
368 hci_dev_unlock(hdev);
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381 setting = __le16_to_cpu(rp->voice_setting);
383 if (hdev->voice_setting == setting)
386 hdev->voice_setting = setting;
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
397 __u8 status = *((__u8 *) skb->data);
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 setting = get_unaligned_le16(sent);
412 if (hdev->voice_setting == setting)
415 hdev->voice_setting = setting;
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
423 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
426 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
433 hdev->num_iac = rp->num_iac;
435 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
438 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440 __u8 status = *((__u8 *) skb->data);
441 struct hci_cp_write_ssp_mode *sent;
443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 hdev->features[1][0] |= LMP_HOST_SSP;
453 hdev->features[1][0] &= ~LMP_HOST_SSP;
456 if (test_bit(HCI_MGMT, &hdev->dev_flags))
457 mgmt_ssp_enable_complete(hdev, sent->mode, status);
460 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
468 u8 status = *((u8 *) skb->data);
469 struct hci_cp_write_sc_support *sent;
471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
473 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
479 hdev->features[1][0] |= LMP_HOST_SC;
481 hdev->features[1][0] &= ~LMP_HOST_SC;
484 if (test_bit(HCI_MGMT, &hdev->dev_flags))
485 mgmt_sc_enable_complete(hdev, sent->support, status);
488 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
490 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
494 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
496 struct hci_rp_read_local_version *rp = (void *) skb->data;
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
504 hdev->hci_ver = rp->hci_ver;
505 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
506 hdev->lmp_ver = rp->lmp_ver;
507 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
508 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
512 static void hci_cc_read_local_commands(struct hci_dev *hdev,
515 struct hci_rp_read_local_commands *rp = (void *) skb->data;
517 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
522 if (test_bit(HCI_SETUP, &hdev->dev_flags))
523 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
526 static void hci_cc_read_local_features(struct hci_dev *hdev,
529 struct hci_rp_read_local_features *rp = (void *) skb->data;
531 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
536 memcpy(hdev->features, rp->features, 8);
538 /* Adjust default settings according to features
539 * supported by device. */
541 if (hdev->features[0][0] & LMP_3SLOT)
542 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
544 if (hdev->features[0][0] & LMP_5SLOT)
545 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
547 if (hdev->features[0][1] & LMP_HV2) {
548 hdev->pkt_type |= (HCI_HV2);
549 hdev->esco_type |= (ESCO_HV2);
552 if (hdev->features[0][1] & LMP_HV3) {
553 hdev->pkt_type |= (HCI_HV3);
554 hdev->esco_type |= (ESCO_HV3);
557 if (lmp_esco_capable(hdev))
558 hdev->esco_type |= (ESCO_EV3);
560 if (hdev->features[0][4] & LMP_EV4)
561 hdev->esco_type |= (ESCO_EV4);
563 if (hdev->features[0][4] & LMP_EV5)
564 hdev->esco_type |= (ESCO_EV5);
566 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
567 hdev->esco_type |= (ESCO_2EV3);
569 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
570 hdev->esco_type |= (ESCO_3EV3);
572 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
573 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
576 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
579 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586 if (hdev->max_page < rp->max_page)
587 hdev->max_page = rp->max_page;
589 if (rp->page < HCI_MAX_PAGES)
590 memcpy(hdev->features[rp->page], rp->features, 8);
593 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
596 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 hdev->flow_ctl_mode = rp->mode;
604 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
613 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
614 hdev->sco_mtu = rp->sco_mtu;
615 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
616 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
618 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
623 hdev->acl_cnt = hdev->acl_pkts;
624 hdev->sco_cnt = hdev->sco_pkts;
626 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
627 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
630 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
632 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637 bacpy(&hdev->bdaddr, &rp->bdaddr);
640 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
643 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
647 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
648 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
649 hdev->page_scan_window = __le16_to_cpu(rp->window);
653 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
656 u8 status = *((u8 *) skb->data);
657 struct hci_cp_write_page_scan_activity *sent;
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
668 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
669 hdev->page_scan_window = __le16_to_cpu(sent->window);
672 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
675 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
679 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
680 hdev->page_scan_type = rp->type;
683 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
686 u8 status = *((u8 *) skb->data);
689 BT_DBG("%s status 0x%2.2x", hdev->name, status);
694 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
696 hdev->page_scan_type = *type;
699 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
702 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
704 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
709 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
710 hdev->block_len = __le16_to_cpu(rp->block_len);
711 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
713 hdev->block_cnt = hdev->num_blocks;
715 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
716 hdev->block_cnt, hdev->block_len);
719 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
722 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 hdev->amp_status = rp->amp_status;
730 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
731 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
732 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
733 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
734 hdev->amp_type = rp->amp_type;
735 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
736 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
737 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
738 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
741 a2mp_send_getinfo_rsp(hdev);
744 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
747 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
748 struct amp_assoc *assoc = &hdev->loc_assoc;
749 size_t rem_len, frag_len;
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756 frag_len = skb->len - sizeof(*rp);
757 rem_len = __le16_to_cpu(rp->rem_len);
759 if (rem_len > frag_len) {
760 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
762 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
763 assoc->offset += frag_len;
765 /* Read other fragments */
766 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
771 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
772 assoc->len = assoc->offset + rem_len;
776 /* Send A2MP Rsp when all fragments are received */
777 a2mp_send_getampassoc_rsp(hdev, rp->status);
778 a2mp_send_create_phy_link_req(hdev, rp->status);
781 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
784 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
789 hdev->inq_tx_power = rp->tx_power;
792 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
794 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
795 struct hci_cp_pin_code_reply *cp;
796 struct hci_conn *conn;
798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 if (test_bit(HCI_MGMT, &hdev->dev_flags))
803 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
808 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
812 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
814 conn->pin_length = cp->pin_len;
817 hci_dev_unlock(hdev);
820 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
822 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
829 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
832 hci_dev_unlock(hdev);
835 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
838 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
840 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
846 hdev->le_pkts = rp->le_max_pkt;
848 hdev->le_cnt = hdev->le_pkts;
850 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
853 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
856 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
861 memcpy(hdev->le_features, rp->features, 8);
864 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
867 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
872 hdev->adv_tx_power = rp->tx_power;
875 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
877 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
883 if (test_bit(HCI_MGMT, &hdev->dev_flags))
884 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
887 hci_dev_unlock(hdev);
890 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
895 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899 if (test_bit(HCI_MGMT, &hdev->dev_flags))
900 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
901 ACL_LINK, 0, rp->status);
903 hci_dev_unlock(hdev);
906 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
908 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
910 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
914 if (test_bit(HCI_MGMT, &hdev->dev_flags))
915 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
918 hci_dev_unlock(hdev);
921 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
924 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
926 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
931 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
932 ACL_LINK, 0, rp->status);
934 hci_dev_unlock(hdev);
937 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
940 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
945 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
946 NULL, NULL, rp->status);
947 hci_dev_unlock(hdev);
950 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
953 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
955 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
958 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
959 rp->hash256, rp->randomizer256,
961 hci_dev_unlock(hdev);
965 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
967 __u8 status = *((__u8 *) skb->data);
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
972 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
979 bacpy(&hdev->random_addr, sent);
981 hci_dev_unlock(hdev);
984 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
986 __u8 *sent, status = *((__u8 *) skb->data);
988 BT_DBG("%s status 0x%2.2x", hdev->name, status);
990 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
997 mgmt_advertising(hdev, *sent);
999 hci_dev_unlock(hdev);
1002 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1004 struct hci_cp_le_set_scan_param *cp;
1005 __u8 status = *((__u8 *) skb->data);
1007 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1009 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1016 hdev->le_scan_type = cp->type;
1018 hci_dev_unlock(hdev);
1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1036 switch (cp->enable) {
1037 case LE_SCAN_ENABLE:
1038 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1041 case LE_SCAN_DISABLE:
1042 /* Cancel this timer so that we don't try to disable scanning
1043 * when it's already disabled.
1045 cancel_delayed_work(&hdev->le_scan_disable);
1047 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1048 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1049 * interrupted scanning due to a connect request. Mark
1050 * therefore discovery as stopped.
1052 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1054 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1058 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1063 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1068 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1071 hdev->le_white_list_size = rp->size;
1074 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1075 struct sk_buff *skb)
1077 __u8 status = *((__u8 *) skb->data);
1079 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1082 hci_white_list_clear(hdev);
1085 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1088 struct hci_cp_le_add_to_white_list *sent;
1089 __u8 status = *((__u8 *) skb->data);
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1093 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1098 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1101 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1102 struct sk_buff *skb)
1104 struct hci_cp_le_del_from_white_list *sent;
1105 __u8 status = *((__u8 *) skb->data);
1107 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1109 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1114 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1117 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1118 struct sk_buff *skb)
1120 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1125 memcpy(hdev->le_states, rp->le_states, 8);
1128 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1129 struct sk_buff *skb)
1131 struct hci_cp_write_le_host_supported *sent;
1132 __u8 status = *((__u8 *) skb->data);
1134 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1142 hdev->features[1][0] |= LMP_HOST_LE;
1143 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1145 hdev->features[1][0] &= ~LMP_HOST_LE;
1146 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1147 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1151 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1153 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1157 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1159 struct hci_cp_le_set_adv_param *cp;
1160 u8 status = *((u8 *) skb->data);
1162 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1172 hdev->adv_addr_type = cp->own_address_type;
1173 hci_dev_unlock(hdev);
1176 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1177 struct sk_buff *skb)
1179 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1181 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1182 hdev->name, rp->status, rp->phy_handle);
1187 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1190 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1195 hci_conn_check_pending(hdev);
1199 set_bit(HCI_INQUIRY, &hdev->flags);
1202 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1204 struct hci_cp_create_conn *cp;
1205 struct hci_conn *conn;
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1209 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1217 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1220 if (conn && conn->state == BT_CONNECT) {
1221 if (status != 0x0c || conn->attempt > 2) {
1222 conn->state = BT_CLOSED;
1223 hci_proto_connect_cfm(conn, status);
1226 conn->state = BT_CONNECT2;
1230 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1233 conn->link_mode |= HCI_LM_MASTER;
1235 BT_ERR("No memory for new connection");
1239 hci_dev_unlock(hdev);
1242 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1244 struct hci_cp_add_sco *cp;
1245 struct hci_conn *acl, *sco;
1248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1253 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1257 handle = __le16_to_cpu(cp->handle);
1259 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1263 acl = hci_conn_hash_lookup_handle(hdev, handle);
1267 sco->state = BT_CLOSED;
1269 hci_proto_connect_cfm(sco, status);
1274 hci_dev_unlock(hdev);
1277 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1279 struct hci_cp_auth_requested *cp;
1280 struct hci_conn *conn;
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1295 if (conn->state == BT_CONFIG) {
1296 hci_proto_connect_cfm(conn, status);
1297 hci_conn_drop(conn);
1301 hci_dev_unlock(hdev);
1304 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1306 struct hci_cp_set_conn_encrypt *cp;
1307 struct hci_conn *conn;
1309 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1322 if (conn->state == BT_CONFIG) {
1323 hci_proto_connect_cfm(conn, status);
1324 hci_conn_drop(conn);
1328 hci_dev_unlock(hdev);
1331 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1332 struct hci_conn *conn)
1334 if (conn->state != BT_CONFIG || !conn->out)
1337 if (conn->pending_sec_level == BT_SECURITY_SDP)
1340 /* Only request authentication for SSP connections or non-SSP
1341 * devices with sec_level MEDIUM or HIGH or if MITM protection
1344 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1345 conn->pending_sec_level != BT_SECURITY_HIGH &&
1346 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1352 static int hci_resolve_name(struct hci_dev *hdev,
1353 struct inquiry_entry *e)
1355 struct hci_cp_remote_name_req cp;
1357 memset(&cp, 0, sizeof(cp));
1359 bacpy(&cp.bdaddr, &e->data.bdaddr);
1360 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1361 cp.pscan_mode = e->data.pscan_mode;
1362 cp.clock_offset = e->data.clock_offset;
1364 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1367 static bool hci_resolve_next_name(struct hci_dev *hdev)
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1372 if (list_empty(&discov->resolve))
1375 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1379 if (hci_resolve_name(hdev, e) == 0) {
1380 e->name_state = NAME_PENDING;
1387 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1388 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1390 struct discovery_state *discov = &hdev->discovery;
1391 struct inquiry_entry *e;
1393 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1394 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1395 name_len, conn->dev_class);
1397 if (discov->state == DISCOVERY_STOPPED)
1400 if (discov->state == DISCOVERY_STOPPING)
1401 goto discov_complete;
1403 if (discov->state != DISCOVERY_RESOLVING)
1406 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1407 /* If the device was not found in a list of found devices names of which
1408 * are pending. there is no need to continue resolving a next name as it
1409 * will be done upon receiving another Remote Name Request Complete
1416 e->name_state = NAME_KNOWN;
1417 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1418 e->data.rssi, name, name_len);
1420 e->name_state = NAME_NOT_KNOWN;
1423 if (hci_resolve_next_name(hdev))
1427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1430 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1432 struct hci_cp_remote_name_req *cp;
1433 struct hci_conn *conn;
1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437 /* If successful wait for the name req complete event before
1438 * checking for the need to do authentication */
1442 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1450 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1451 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1456 if (!hci_outgoing_auth_needed(hdev, conn))
1459 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1460 struct hci_cp_auth_requested auth_cp;
1462 auth_cp.handle = __cpu_to_le16(conn->handle);
1463 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1464 sizeof(auth_cp), &auth_cp);
1468 hci_dev_unlock(hdev);
1471 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1473 struct hci_cp_read_remote_features *cp;
1474 struct hci_conn *conn;
1476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1481 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1489 if (conn->state == BT_CONFIG) {
1490 hci_proto_connect_cfm(conn, status);
1491 hci_conn_drop(conn);
1495 hci_dev_unlock(hdev);
1498 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1500 struct hci_cp_read_remote_ext_features *cp;
1501 struct hci_conn *conn;
1503 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1514 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1516 if (conn->state == BT_CONFIG) {
1517 hci_proto_connect_cfm(conn, status);
1518 hci_conn_drop(conn);
1522 hci_dev_unlock(hdev);
1525 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1527 struct hci_cp_setup_sync_conn *cp;
1528 struct hci_conn *acl, *sco;
1531 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1536 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1540 handle = __le16_to_cpu(cp->handle);
1542 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1546 acl = hci_conn_hash_lookup_handle(hdev, handle);
1550 sco->state = BT_CLOSED;
1552 hci_proto_connect_cfm(sco, status);
1557 hci_dev_unlock(hdev);
1560 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1562 struct hci_cp_sniff_mode *cp;
1563 struct hci_conn *conn;
1565 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1570 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1578 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1581 hci_sco_setup(conn, status);
1584 hci_dev_unlock(hdev);
1587 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1589 struct hci_cp_exit_sniff_mode *cp;
1590 struct hci_conn *conn;
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1597 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1605 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1607 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1608 hci_sco_setup(conn, status);
1611 hci_dev_unlock(hdev);
1614 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1616 struct hci_cp_disconnect *cp;
1617 struct hci_conn *conn;
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1630 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1631 conn->dst_type, status);
1633 hci_dev_unlock(hdev);
1636 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1638 struct hci_cp_create_phy_link *cp;
1640 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1642 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1649 struct hci_conn *hcon;
1651 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1655 amp_write_remote_assoc(hdev, cp->phy_handle);
1658 hci_dev_unlock(hdev);
1661 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1663 struct hci_cp_accept_phy_link *cp;
1665 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1670 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1674 amp_write_remote_assoc(hdev, cp->phy_handle);
1677 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1679 struct hci_cp_le_create_conn *cp;
1680 struct hci_conn *conn;
1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1684 /* All connection failure handling is taken care of by the
1685 * hci_le_conn_failed function which is triggered by the HCI
1686 * request completion callbacks used for connecting.
1691 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1697 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1701 /* Store the initiator and responder address information which
1702 * is needed for SMP. These values will not change during the
1703 * lifetime of the connection.
1705 conn->init_addr_type = cp->own_address_type;
1706 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1707 bacpy(&conn->init_addr, &hdev->random_addr);
1709 bacpy(&conn->init_addr, &hdev->bdaddr);
1711 conn->resp_addr_type = cp->peer_addr_type;
1712 bacpy(&conn->resp_addr, &cp->peer_addr);
1714 /* We don't want the connection attempt to stick around
1715 * indefinitely since LE doesn't have a page timeout concept
1716 * like BR/EDR. Set a timer for any connection that doesn't use
1717 * the white list for connecting.
1719 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1720 queue_delayed_work(conn->hdev->workqueue,
1721 &conn->le_conn_timeout,
1722 HCI_LE_CONN_TIMEOUT);
1725 hci_dev_unlock(hdev);
1728 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1730 struct hci_cp_le_start_enc *cp;
1731 struct hci_conn *conn;
1733 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1748 if (conn->state != BT_CONNECTED)
1751 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1752 hci_conn_drop(conn);
1755 hci_dev_unlock(hdev);
1758 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1760 __u8 status = *((__u8 *) skb->data);
1761 struct discovery_state *discov = &hdev->discovery;
1762 struct inquiry_entry *e;
1764 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1766 hci_conn_check_pending(hdev);
1768 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1771 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1772 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1774 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1779 if (discov->state != DISCOVERY_FINDING)
1782 if (list_empty(&discov->resolve)) {
1783 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1787 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1788 if (e && hci_resolve_name(hdev, e) == 0) {
1789 e->name_state = NAME_PENDING;
1790 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1792 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1796 hci_dev_unlock(hdev);
1799 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1801 struct inquiry_data data;
1802 struct inquiry_info *info = (void *) (skb->data + 1);
1803 int num_rsp = *((__u8 *) skb->data);
1805 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1810 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1815 for (; num_rsp; num_rsp--, info++) {
1816 bool name_known, ssp;
1818 bacpy(&data.bdaddr, &info->bdaddr);
1819 data.pscan_rep_mode = info->pscan_rep_mode;
1820 data.pscan_period_mode = info->pscan_period_mode;
1821 data.pscan_mode = info->pscan_mode;
1822 memcpy(data.dev_class, info->dev_class, 3);
1823 data.clock_offset = info->clock_offset;
1825 data.ssp_mode = 0x00;
1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1829 info->dev_class, 0, !name_known, ssp, NULL,
1833 hci_dev_unlock(hdev);
1836 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1838 struct hci_ev_conn_complete *ev = (void *) skb->data;
1839 struct hci_conn *conn;
1841 BT_DBG("%s", hdev->name);
1845 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1847 if (ev->link_type != SCO_LINK)
1850 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1854 conn->type = SCO_LINK;
1858 conn->handle = __le16_to_cpu(ev->handle);
1860 if (conn->type == ACL_LINK) {
1861 conn->state = BT_CONFIG;
1862 hci_conn_hold(conn);
1864 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1865 !hci_find_link_key(hdev, &ev->bdaddr))
1866 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1868 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1870 conn->state = BT_CONNECTED;
1872 hci_conn_add_sysfs(conn);
1874 if (test_bit(HCI_AUTH, &hdev->flags))
1875 conn->link_mode |= HCI_LM_AUTH;
1877 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1878 conn->link_mode |= HCI_LM_ENCRYPT;
1880 /* Get remote features */
1881 if (conn->type == ACL_LINK) {
1882 struct hci_cp_read_remote_features cp;
1883 cp.handle = ev->handle;
1884 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1888 /* Set packet type for incoming connection */
1889 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1890 struct hci_cp_change_conn_ptype cp;
1891 cp.handle = ev->handle;
1892 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1893 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1897 conn->state = BT_CLOSED;
1898 if (conn->type == ACL_LINK)
1899 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1900 conn->dst_type, ev->status);
1903 if (conn->type == ACL_LINK)
1904 hci_sco_setup(conn, ev->status);
1907 hci_proto_connect_cfm(conn, ev->status);
1909 } else if (ev->link_type != ACL_LINK)
1910 hci_proto_connect_cfm(conn, ev->status);
1913 hci_dev_unlock(hdev);
1915 hci_conn_check_pending(hdev);
1918 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1920 struct hci_ev_conn_request *ev = (void *) skb->data;
1921 int mask = hdev->link_mode;
1924 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1927 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1930 if ((mask & HCI_LM_ACCEPT) &&
1931 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1932 /* Connection accepted */
1933 struct inquiry_entry *ie;
1934 struct hci_conn *conn;
1938 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1940 memcpy(ie->data.dev_class, ev->dev_class, 3);
1942 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1945 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1947 BT_ERR("No memory for new connection");
1948 hci_dev_unlock(hdev);
1953 memcpy(conn->dev_class, ev->dev_class, 3);
1955 hci_dev_unlock(hdev);
1957 if (ev->link_type == ACL_LINK ||
1958 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1959 struct hci_cp_accept_conn_req cp;
1960 conn->state = BT_CONNECT;
1962 bacpy(&cp.bdaddr, &ev->bdaddr);
1964 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1965 cp.role = 0x00; /* Become master */
1967 cp.role = 0x01; /* Remain slave */
1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1971 } else if (!(flags & HCI_PROTO_DEFER)) {
1972 struct hci_cp_accept_sync_conn_req cp;
1973 conn->state = BT_CONNECT;
1975 bacpy(&cp.bdaddr, &ev->bdaddr);
1976 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1978 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1979 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1980 cp.max_latency = cpu_to_le16(0xffff);
1981 cp.content_format = cpu_to_le16(hdev->voice_setting);
1982 cp.retrans_effort = 0xff;
1984 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1987 conn->state = BT_CONNECT2;
1988 hci_proto_connect_cfm(conn, 0);
1991 /* Connection rejected */
1992 struct hci_cp_reject_conn_req cp;
1994 bacpy(&cp.bdaddr, &ev->bdaddr);
1995 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1996 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2000 static u8 hci_to_mgmt_reason(u8 err)
2003 case HCI_ERROR_CONNECTION_TIMEOUT:
2004 return MGMT_DEV_DISCONN_TIMEOUT;
2005 case HCI_ERROR_REMOTE_USER_TERM:
2006 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2007 case HCI_ERROR_REMOTE_POWER_OFF:
2008 return MGMT_DEV_DISCONN_REMOTE;
2009 case HCI_ERROR_LOCAL_HOST_TERM:
2010 return MGMT_DEV_DISCONN_LOCAL_HOST;
2012 return MGMT_DEV_DISCONN_UNKNOWN;
2016 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2018 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2019 u8 reason = hci_to_mgmt_reason(ev->reason);
2020 struct hci_conn_params *params;
2021 struct hci_conn *conn;
2022 bool mgmt_connected;
2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2034 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2035 conn->dst_type, ev->status);
2039 conn->state = BT_CLOSED;
2041 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2042 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2043 reason, mgmt_connected);
2045 if (conn->type == ACL_LINK && conn->flush_key)
2046 hci_remove_link_key(hdev, &conn->dst);
2048 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2050 switch (params->auto_connect) {
2051 case HCI_AUTO_CONN_LINK_LOSS:
2052 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2056 case HCI_AUTO_CONN_ALWAYS:
2057 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2067 hci_proto_disconn_cfm(conn, ev->reason);
2070 /* Re-enable advertising if necessary, since it might
2071 * have been disabled by the connection. From the
2072 * HCI_LE_Set_Advertise_Enable command description in
2073 * the core specification (v4.0):
2074 * "The Controller shall continue advertising until the Host
2075 * issues an LE_Set_Advertise_Enable command with
2076 * Advertising_Enable set to 0x00 (Advertising is disabled)
2077 * or until a connection is created or until the Advertising
2078 * is timed out due to Directed Advertising."
2080 if (type == LE_LINK)
2081 mgmt_reenable_advertising(hdev);
2084 hci_dev_unlock(hdev);
2087 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2089 struct hci_ev_auth_complete *ev = (void *) skb->data;
2090 struct hci_conn *conn;
2092 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2101 if (!hci_conn_ssp_enabled(conn) &&
2102 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2103 BT_INFO("re-auth of legacy device is not possible.");
2105 conn->link_mode |= HCI_LM_AUTH;
2106 conn->sec_level = conn->pending_sec_level;
2109 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2113 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2114 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2116 if (conn->state == BT_CONFIG) {
2117 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2118 struct hci_cp_set_conn_encrypt cp;
2119 cp.handle = ev->handle;
2121 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2124 conn->state = BT_CONNECTED;
2125 hci_proto_connect_cfm(conn, ev->status);
2126 hci_conn_drop(conn);
2129 hci_auth_cfm(conn, ev->status);
2131 hci_conn_hold(conn);
2132 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2133 hci_conn_drop(conn);
2136 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2138 struct hci_cp_set_conn_encrypt cp;
2139 cp.handle = ev->handle;
2141 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2144 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2145 hci_encrypt_cfm(conn, ev->status, 0x00);
2150 hci_dev_unlock(hdev);
2153 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2155 struct hci_ev_remote_name *ev = (void *) skb->data;
2156 struct hci_conn *conn;
2158 BT_DBG("%s", hdev->name);
2160 hci_conn_check_pending(hdev);
2164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2166 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2169 if (ev->status == 0)
2170 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2171 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2173 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2179 if (!hci_outgoing_auth_needed(hdev, conn))
2182 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2183 struct hci_cp_auth_requested cp;
2184 cp.handle = __cpu_to_le16(conn->handle);
2185 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2189 hci_dev_unlock(hdev);
2192 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2194 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2195 struct hci_conn *conn;
2197 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2207 /* Encryption implies authentication */
2208 conn->link_mode |= HCI_LM_AUTH;
2209 conn->link_mode |= HCI_LM_ENCRYPT;
2210 conn->sec_level = conn->pending_sec_level;
2212 /* P-256 authentication key implies FIPS */
2213 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2214 conn->link_mode |= HCI_LM_FIPS;
2216 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2217 conn->type == LE_LINK)
2218 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2220 conn->link_mode &= ~HCI_LM_ENCRYPT;
2221 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2225 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2227 if (ev->status && conn->state == BT_CONNECTED) {
2228 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2229 hci_conn_drop(conn);
2233 if (conn->state == BT_CONFIG) {
2235 conn->state = BT_CONNECTED;
2237 /* In Secure Connections Only mode, do not allow any
2238 * connections that are not encrypted with AES-CCM
2239 * using a P-256 authenticated combination key.
2241 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2242 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2243 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2244 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2245 hci_conn_drop(conn);
2249 hci_proto_connect_cfm(conn, ev->status);
2250 hci_conn_drop(conn);
2252 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2255 hci_dev_unlock(hdev);
2258 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2259 struct sk_buff *skb)
2261 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2262 struct hci_conn *conn;
2264 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2271 conn->link_mode |= HCI_LM_SECURE;
2273 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2275 hci_key_change_cfm(conn, ev->status);
2278 hci_dev_unlock(hdev);
2281 static void hci_remote_features_evt(struct hci_dev *hdev,
2282 struct sk_buff *skb)
2284 struct hci_ev_remote_features *ev = (void *) skb->data;
2285 struct hci_conn *conn;
2287 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2296 memcpy(conn->features[0], ev->features, 8);
2298 if (conn->state != BT_CONFIG)
2301 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2302 struct hci_cp_read_remote_ext_features cp;
2303 cp.handle = ev->handle;
2305 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2310 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2311 struct hci_cp_remote_name_req cp;
2312 memset(&cp, 0, sizeof(cp));
2313 bacpy(&cp.bdaddr, &conn->dst);
2314 cp.pscan_rep_mode = 0x02;
2315 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2316 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2317 mgmt_device_connected(hdev, &conn->dst, conn->type,
2318 conn->dst_type, 0, NULL, 0,
2321 if (!hci_outgoing_auth_needed(hdev, conn)) {
2322 conn->state = BT_CONNECTED;
2323 hci_proto_connect_cfm(conn, ev->status);
2324 hci_conn_drop(conn);
2328 hci_dev_unlock(hdev);
2331 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2333 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2334 u8 status = skb->data[sizeof(*ev)];
2337 skb_pull(skb, sizeof(*ev));
2339 opcode = __le16_to_cpu(ev->opcode);
2342 case HCI_OP_INQUIRY_CANCEL:
2343 hci_cc_inquiry_cancel(hdev, skb);
2346 case HCI_OP_PERIODIC_INQ:
2347 hci_cc_periodic_inq(hdev, skb);
2350 case HCI_OP_EXIT_PERIODIC_INQ:
2351 hci_cc_exit_periodic_inq(hdev, skb);
2354 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2355 hci_cc_remote_name_req_cancel(hdev, skb);
2358 case HCI_OP_ROLE_DISCOVERY:
2359 hci_cc_role_discovery(hdev, skb);
2362 case HCI_OP_READ_LINK_POLICY:
2363 hci_cc_read_link_policy(hdev, skb);
2366 case HCI_OP_WRITE_LINK_POLICY:
2367 hci_cc_write_link_policy(hdev, skb);
2370 case HCI_OP_READ_DEF_LINK_POLICY:
2371 hci_cc_read_def_link_policy(hdev, skb);
2374 case HCI_OP_WRITE_DEF_LINK_POLICY:
2375 hci_cc_write_def_link_policy(hdev, skb);
2379 hci_cc_reset(hdev, skb);
2382 case HCI_OP_WRITE_LOCAL_NAME:
2383 hci_cc_write_local_name(hdev, skb);
2386 case HCI_OP_READ_LOCAL_NAME:
2387 hci_cc_read_local_name(hdev, skb);
2390 case HCI_OP_WRITE_AUTH_ENABLE:
2391 hci_cc_write_auth_enable(hdev, skb);
2394 case HCI_OP_WRITE_ENCRYPT_MODE:
2395 hci_cc_write_encrypt_mode(hdev, skb);
2398 case HCI_OP_WRITE_SCAN_ENABLE:
2399 hci_cc_write_scan_enable(hdev, skb);
2402 case HCI_OP_READ_CLASS_OF_DEV:
2403 hci_cc_read_class_of_dev(hdev, skb);
2406 case HCI_OP_WRITE_CLASS_OF_DEV:
2407 hci_cc_write_class_of_dev(hdev, skb);
2410 case HCI_OP_READ_VOICE_SETTING:
2411 hci_cc_read_voice_setting(hdev, skb);
2414 case HCI_OP_WRITE_VOICE_SETTING:
2415 hci_cc_write_voice_setting(hdev, skb);
2418 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2419 hci_cc_read_num_supported_iac(hdev, skb);
2422 case HCI_OP_WRITE_SSP_MODE:
2423 hci_cc_write_ssp_mode(hdev, skb);
2426 case HCI_OP_WRITE_SC_SUPPORT:
2427 hci_cc_write_sc_support(hdev, skb);
2430 case HCI_OP_READ_LOCAL_VERSION:
2431 hci_cc_read_local_version(hdev, skb);
2434 case HCI_OP_READ_LOCAL_COMMANDS:
2435 hci_cc_read_local_commands(hdev, skb);
2438 case HCI_OP_READ_LOCAL_FEATURES:
2439 hci_cc_read_local_features(hdev, skb);
2442 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2443 hci_cc_read_local_ext_features(hdev, skb);
2446 case HCI_OP_READ_BUFFER_SIZE:
2447 hci_cc_read_buffer_size(hdev, skb);
2450 case HCI_OP_READ_BD_ADDR:
2451 hci_cc_read_bd_addr(hdev, skb);
2454 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2455 hci_cc_read_page_scan_activity(hdev, skb);
2458 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2459 hci_cc_write_page_scan_activity(hdev, skb);
2462 case HCI_OP_READ_PAGE_SCAN_TYPE:
2463 hci_cc_read_page_scan_type(hdev, skb);
2466 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2467 hci_cc_write_page_scan_type(hdev, skb);
2470 case HCI_OP_READ_DATA_BLOCK_SIZE:
2471 hci_cc_read_data_block_size(hdev, skb);
2474 case HCI_OP_READ_FLOW_CONTROL_MODE:
2475 hci_cc_read_flow_control_mode(hdev, skb);
2478 case HCI_OP_READ_LOCAL_AMP_INFO:
2479 hci_cc_read_local_amp_info(hdev, skb);
2482 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2483 hci_cc_read_local_amp_assoc(hdev, skb);
2486 case HCI_OP_READ_INQ_RSP_TX_POWER:
2487 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2490 case HCI_OP_PIN_CODE_REPLY:
2491 hci_cc_pin_code_reply(hdev, skb);
2494 case HCI_OP_PIN_CODE_NEG_REPLY:
2495 hci_cc_pin_code_neg_reply(hdev, skb);
2498 case HCI_OP_READ_LOCAL_OOB_DATA:
2499 hci_cc_read_local_oob_data(hdev, skb);
2502 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2503 hci_cc_read_local_oob_ext_data(hdev, skb);
2506 case HCI_OP_LE_READ_BUFFER_SIZE:
2507 hci_cc_le_read_buffer_size(hdev, skb);
2510 case HCI_OP_LE_READ_LOCAL_FEATURES:
2511 hci_cc_le_read_local_features(hdev, skb);
2514 case HCI_OP_LE_READ_ADV_TX_POWER:
2515 hci_cc_le_read_adv_tx_power(hdev, skb);
2518 case HCI_OP_USER_CONFIRM_REPLY:
2519 hci_cc_user_confirm_reply(hdev, skb);
2522 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2523 hci_cc_user_confirm_neg_reply(hdev, skb);
2526 case HCI_OP_USER_PASSKEY_REPLY:
2527 hci_cc_user_passkey_reply(hdev, skb);
2530 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2531 hci_cc_user_passkey_neg_reply(hdev, skb);
2534 case HCI_OP_LE_SET_RANDOM_ADDR:
2535 hci_cc_le_set_random_addr(hdev, skb);
2538 case HCI_OP_LE_SET_ADV_ENABLE:
2539 hci_cc_le_set_adv_enable(hdev, skb);
2542 case HCI_OP_LE_SET_SCAN_PARAM:
2543 hci_cc_le_set_scan_param(hdev, skb);
2546 case HCI_OP_LE_SET_SCAN_ENABLE:
2547 hci_cc_le_set_scan_enable(hdev, skb);
2550 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2551 hci_cc_le_read_white_list_size(hdev, skb);
2554 case HCI_OP_LE_CLEAR_WHITE_LIST:
2555 hci_cc_le_clear_white_list(hdev, skb);
2558 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2559 hci_cc_le_add_to_white_list(hdev, skb);
2562 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2563 hci_cc_le_del_from_white_list(hdev, skb);
2566 case HCI_OP_LE_READ_SUPPORTED_STATES:
2567 hci_cc_le_read_supported_states(hdev, skb);
2570 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2571 hci_cc_write_le_host_supported(hdev, skb);
2574 case HCI_OP_LE_SET_ADV_PARAM:
2575 hci_cc_set_adv_param(hdev, skb);
2578 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2579 hci_cc_write_remote_amp_assoc(hdev, skb);
2583 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2587 if (opcode != HCI_OP_NOP)
2588 del_timer(&hdev->cmd_timer);
2590 hci_req_cmd_complete(hdev, opcode, status);
2592 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2593 atomic_set(&hdev->cmd_cnt, 1);
2594 if (!skb_queue_empty(&hdev->cmd_q))
2595 queue_work(hdev->workqueue, &hdev->cmd_work);
2599 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2601 struct hci_ev_cmd_status *ev = (void *) skb->data;
2604 skb_pull(skb, sizeof(*ev));
2606 opcode = __le16_to_cpu(ev->opcode);
2609 case HCI_OP_INQUIRY:
2610 hci_cs_inquiry(hdev, ev->status);
2613 case HCI_OP_CREATE_CONN:
2614 hci_cs_create_conn(hdev, ev->status);
2617 case HCI_OP_ADD_SCO:
2618 hci_cs_add_sco(hdev, ev->status);
2621 case HCI_OP_AUTH_REQUESTED:
2622 hci_cs_auth_requested(hdev, ev->status);
2625 case HCI_OP_SET_CONN_ENCRYPT:
2626 hci_cs_set_conn_encrypt(hdev, ev->status);
2629 case HCI_OP_REMOTE_NAME_REQ:
2630 hci_cs_remote_name_req(hdev, ev->status);
2633 case HCI_OP_READ_REMOTE_FEATURES:
2634 hci_cs_read_remote_features(hdev, ev->status);
2637 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2638 hci_cs_read_remote_ext_features(hdev, ev->status);
2641 case HCI_OP_SETUP_SYNC_CONN:
2642 hci_cs_setup_sync_conn(hdev, ev->status);
2645 case HCI_OP_SNIFF_MODE:
2646 hci_cs_sniff_mode(hdev, ev->status);
2649 case HCI_OP_EXIT_SNIFF_MODE:
2650 hci_cs_exit_sniff_mode(hdev, ev->status);
2653 case HCI_OP_DISCONNECT:
2654 hci_cs_disconnect(hdev, ev->status);
2657 case HCI_OP_CREATE_PHY_LINK:
2658 hci_cs_create_phylink(hdev, ev->status);
2661 case HCI_OP_ACCEPT_PHY_LINK:
2662 hci_cs_accept_phylink(hdev, ev->status);
2665 case HCI_OP_LE_CREATE_CONN:
2666 hci_cs_le_create_conn(hdev, ev->status);
2669 case HCI_OP_LE_START_ENC:
2670 hci_cs_le_start_enc(hdev, ev->status);
2674 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2678 if (opcode != HCI_OP_NOP)
2679 del_timer(&hdev->cmd_timer);
2682 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2683 hci_req_cmd_complete(hdev, opcode, ev->status);
2685 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2686 atomic_set(&hdev->cmd_cnt, 1);
2687 if (!skb_queue_empty(&hdev->cmd_q))
2688 queue_work(hdev->workqueue, &hdev->cmd_work);
2692 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2694 struct hci_ev_role_change *ev = (void *) skb->data;
2695 struct hci_conn *conn;
2697 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2701 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2705 conn->link_mode &= ~HCI_LM_MASTER;
2707 conn->link_mode |= HCI_LM_MASTER;
2710 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2712 hci_role_switch_cfm(conn, ev->status, ev->role);
2715 hci_dev_unlock(hdev);
2718 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2720 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2723 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2724 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2728 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2729 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2730 BT_DBG("%s bad parameters", hdev->name);
2734 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2736 for (i = 0; i < ev->num_hndl; i++) {
2737 struct hci_comp_pkts_info *info = &ev->handles[i];
2738 struct hci_conn *conn;
2739 __u16 handle, count;
2741 handle = __le16_to_cpu(info->handle);
2742 count = __le16_to_cpu(info->count);
2744 conn = hci_conn_hash_lookup_handle(hdev, handle);
2748 conn->sent -= count;
2750 switch (conn->type) {
2752 hdev->acl_cnt += count;
2753 if (hdev->acl_cnt > hdev->acl_pkts)
2754 hdev->acl_cnt = hdev->acl_pkts;
2758 if (hdev->le_pkts) {
2759 hdev->le_cnt += count;
2760 if (hdev->le_cnt > hdev->le_pkts)
2761 hdev->le_cnt = hdev->le_pkts;
2763 hdev->acl_cnt += count;
2764 if (hdev->acl_cnt > hdev->acl_pkts)
2765 hdev->acl_cnt = hdev->acl_pkts;
2770 hdev->sco_cnt += count;
2771 if (hdev->sco_cnt > hdev->sco_pkts)
2772 hdev->sco_cnt = hdev->sco_pkts;
2776 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2781 queue_work(hdev->workqueue, &hdev->tx_work);
2784 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2787 struct hci_chan *chan;
2789 switch (hdev->dev_type) {
2791 return hci_conn_hash_lookup_handle(hdev, handle);
2793 chan = hci_chan_lookup_handle(hdev, handle);
2798 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2805 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2807 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2810 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2811 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2815 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2816 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2817 BT_DBG("%s bad parameters", hdev->name);
2821 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2824 for (i = 0; i < ev->num_hndl; i++) {
2825 struct hci_comp_blocks_info *info = &ev->handles[i];
2826 struct hci_conn *conn = NULL;
2827 __u16 handle, block_count;
2829 handle = __le16_to_cpu(info->handle);
2830 block_count = __le16_to_cpu(info->blocks);
2832 conn = __hci_conn_lookup_handle(hdev, handle);
2836 conn->sent -= block_count;
2838 switch (conn->type) {
2841 hdev->block_cnt += block_count;
2842 if (hdev->block_cnt > hdev->num_blocks)
2843 hdev->block_cnt = hdev->num_blocks;
2847 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2852 queue_work(hdev->workqueue, &hdev->tx_work);
2855 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2857 struct hci_ev_mode_change *ev = (void *) skb->data;
2858 struct hci_conn *conn;
2860 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2866 conn->mode = ev->mode;
2868 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2870 if (conn->mode == HCI_CM_ACTIVE)
2871 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2873 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2876 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2877 hci_sco_setup(conn, ev->status);
2880 hci_dev_unlock(hdev);
2883 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2885 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2886 struct hci_conn *conn;
2888 BT_DBG("%s", hdev->name);
2892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2896 if (conn->state == BT_CONNECTED) {
2897 hci_conn_hold(conn);
2898 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2899 hci_conn_drop(conn);
2902 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2903 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2904 sizeof(ev->bdaddr), &ev->bdaddr);
2905 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2908 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2913 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2917 hci_dev_unlock(hdev);
2920 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2922 struct hci_ev_link_key_req *ev = (void *) skb->data;
2923 struct hci_cp_link_key_reply cp;
2924 struct hci_conn *conn;
2925 struct link_key *key;
2927 BT_DBG("%s", hdev->name);
2929 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2934 key = hci_find_link_key(hdev, &ev->bdaddr);
2936 BT_DBG("%s link key not found for %pMR", hdev->name,
2941 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2944 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2945 key->type == HCI_LK_DEBUG_COMBINATION) {
2946 BT_DBG("%s ignoring debug key", hdev->name);
2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2952 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
2953 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
2954 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2955 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2959 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2960 conn->pending_sec_level == BT_SECURITY_HIGH) {
2961 BT_DBG("%s ignoring key unauthenticated for high security",
2966 conn->key_type = key->type;
2967 conn->pin_length = key->pin_len;
2970 bacpy(&cp.bdaddr, &ev->bdaddr);
2971 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2973 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2975 hci_dev_unlock(hdev);
2980 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2981 hci_dev_unlock(hdev);
2984 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2986 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2987 struct hci_conn *conn;
2990 BT_DBG("%s", hdev->name);
2994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2996 hci_conn_hold(conn);
2997 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2998 pin_len = conn->pin_length;
3000 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3001 conn->key_type = ev->key_type;
3003 hci_conn_drop(conn);
3006 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3007 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3008 ev->key_type, pin_len);
3010 hci_dev_unlock(hdev);
3013 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3015 struct hci_ev_clock_offset *ev = (void *) skb->data;
3016 struct hci_conn *conn;
3018 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3023 if (conn && !ev->status) {
3024 struct inquiry_entry *ie;
3026 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3028 ie->data.clock_offset = ev->clock_offset;
3029 ie->timestamp = jiffies;
3033 hci_dev_unlock(hdev);
3036 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3038 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3039 struct hci_conn *conn;
3041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3046 if (conn && !ev->status)
3047 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3049 hci_dev_unlock(hdev);
3052 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3054 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3055 struct inquiry_entry *ie;
3057 BT_DBG("%s", hdev->name);
3061 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3063 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3064 ie->timestamp = jiffies;
3067 hci_dev_unlock(hdev);
3070 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3071 struct sk_buff *skb)
3073 struct inquiry_data data;
3074 int num_rsp = *((__u8 *) skb->data);
3075 bool name_known, ssp;
3077 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3082 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3087 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3088 struct inquiry_info_with_rssi_and_pscan_mode *info;
3089 info = (void *) (skb->data + 1);
3091 for (; num_rsp; num_rsp--, info++) {
3092 bacpy(&data.bdaddr, &info->bdaddr);
3093 data.pscan_rep_mode = info->pscan_rep_mode;
3094 data.pscan_period_mode = info->pscan_period_mode;
3095 data.pscan_mode = info->pscan_mode;
3096 memcpy(data.dev_class, info->dev_class, 3);
3097 data.clock_offset = info->clock_offset;
3098 data.rssi = info->rssi;
3099 data.ssp_mode = 0x00;
3101 name_known = hci_inquiry_cache_update(hdev, &data,
3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3104 info->dev_class, info->rssi,
3105 !name_known, ssp, NULL, 0);
3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3110 for (; num_rsp; num_rsp--, info++) {
3111 bacpy(&data.bdaddr, &info->bdaddr);
3112 data.pscan_rep_mode = info->pscan_rep_mode;
3113 data.pscan_period_mode = info->pscan_period_mode;
3114 data.pscan_mode = 0x00;
3115 memcpy(data.dev_class, info->dev_class, 3);
3116 data.clock_offset = info->clock_offset;
3117 data.rssi = info->rssi;
3118 data.ssp_mode = 0x00;
3119 name_known = hci_inquiry_cache_update(hdev, &data,
3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3122 info->dev_class, info->rssi,
3123 !name_known, ssp, NULL, 0);
3127 hci_dev_unlock(hdev);
3130 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3131 struct sk_buff *skb)
3133 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3134 struct hci_conn *conn;
3136 BT_DBG("%s", hdev->name);
3140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3144 if (ev->page < HCI_MAX_PAGES)
3145 memcpy(conn->features[ev->page], ev->features, 8);
3147 if (!ev->status && ev->page == 0x01) {
3148 struct inquiry_entry *ie;
3150 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3152 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3154 if (ev->features[0] & LMP_HOST_SSP) {
3155 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3157 /* It is mandatory by the Bluetooth specification that
3158 * Extended Inquiry Results are only used when Secure
3159 * Simple Pairing is enabled, but some devices violate
3162 * To make these devices work, the internal SSP
3163 * enabled flag needs to be cleared if the remote host
3164 * features do not indicate SSP support */
3165 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3168 if (ev->features[0] & LMP_HOST_SC)
3169 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3172 if (conn->state != BT_CONFIG)
3175 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3176 struct hci_cp_remote_name_req cp;
3177 memset(&cp, 0, sizeof(cp));
3178 bacpy(&cp.bdaddr, &conn->dst);
3179 cp.pscan_rep_mode = 0x02;
3180 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3181 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3182 mgmt_device_connected(hdev, &conn->dst, conn->type,
3183 conn->dst_type, 0, NULL, 0,
3186 if (!hci_outgoing_auth_needed(hdev, conn)) {
3187 conn->state = BT_CONNECTED;
3188 hci_proto_connect_cfm(conn, ev->status);
3189 hci_conn_drop(conn);
3193 hci_dev_unlock(hdev);
3196 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
3199 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3200 struct hci_conn *conn;
3202 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3206 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3208 if (ev->link_type == ESCO_LINK)
3211 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3215 conn->type = SCO_LINK;
3218 switch (ev->status) {
3220 conn->handle = __le16_to_cpu(ev->handle);
3221 conn->state = BT_CONNECTED;
3223 hci_conn_add_sysfs(conn);
3226 case 0x0d: /* Connection Rejected due to Limited Resources */
3227 case 0x11: /* Unsupported Feature or Parameter Value */
3228 case 0x1c: /* SCO interval rejected */
3229 case 0x1a: /* Unsupported Remote Feature */
3230 case 0x1f: /* Unspecified error */
3231 case 0x20: /* Unsupported LMP Parameter value */
3233 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3234 (hdev->esco_type & EDR_ESCO_MASK);
3235 if (hci_setup_sync(conn, conn->link->handle))
3241 conn->state = BT_CLOSED;
3245 hci_proto_connect_cfm(conn, ev->status);
3250 hci_dev_unlock(hdev);
3253 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3257 while (parsed < eir_len) {
3258 u8 field_len = eir[0];
3263 parsed += field_len + 1;
3264 eir += field_len + 1;
3270 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3271 struct sk_buff *skb)
3273 struct inquiry_data data;
3274 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3275 int num_rsp = *((__u8 *) skb->data);
3278 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3283 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3288 for (; num_rsp; num_rsp--, info++) {
3289 bool name_known, ssp;
3291 bacpy(&data.bdaddr, &info->bdaddr);
3292 data.pscan_rep_mode = info->pscan_rep_mode;
3293 data.pscan_period_mode = info->pscan_period_mode;
3294 data.pscan_mode = 0x00;
3295 memcpy(data.dev_class, info->dev_class, 3);
3296 data.clock_offset = info->clock_offset;
3297 data.rssi = info->rssi;
3298 data.ssp_mode = 0x01;
3300 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3301 name_known = eir_has_data_type(info->data,
3307 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3309 eir_len = eir_get_length(info->data, sizeof(info->data));
3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3311 info->dev_class, info->rssi, !name_known,
3312 ssp, info->data, eir_len);
3315 hci_dev_unlock(hdev);
3318 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3319 struct sk_buff *skb)
3321 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3322 struct hci_conn *conn;
3324 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3325 __le16_to_cpu(ev->handle));
3329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3334 conn->sec_level = conn->pending_sec_level;
3336 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3338 if (ev->status && conn->state == BT_CONNECTED) {
3339 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3340 hci_conn_drop(conn);
3344 if (conn->state == BT_CONFIG) {
3346 conn->state = BT_CONNECTED;
3348 hci_proto_connect_cfm(conn, ev->status);
3349 hci_conn_drop(conn);
3351 hci_auth_cfm(conn, ev->status);
3353 hci_conn_hold(conn);
3354 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3355 hci_conn_drop(conn);
3359 hci_dev_unlock(hdev);
3362 static u8 hci_get_auth_req(struct hci_conn *conn)
3364 /* If remote requests dedicated bonding follow that lead */
3365 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3366 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3367 /* If both remote and local IO capabilities allow MITM
3368 * protection then require it, otherwise don't */
3369 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3370 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3371 return HCI_AT_DEDICATED_BONDING;
3373 return HCI_AT_DEDICATED_BONDING_MITM;
3376 /* If remote requests no-bonding follow that lead */
3377 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3378 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3379 return conn->remote_auth | (conn->auth_type & 0x01);
3381 return conn->auth_type;
3384 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3386 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3387 struct hci_conn *conn;
3389 BT_DBG("%s", hdev->name);
3393 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3397 hci_conn_hold(conn);
3399 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3403 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3404 struct hci_cp_io_capability_reply cp;
3406 bacpy(&cp.bdaddr, &ev->bdaddr);
3407 /* Change the IO capability from KeyboardDisplay
3408 * to DisplayYesNo as it is not supported by BT spec. */
3409 cp.capability = (conn->io_capability == 0x04) ?
3410 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3411 conn->auth_type = hci_get_auth_req(conn);
3412 cp.authentication = conn->auth_type;
3414 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3415 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3420 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3423 struct hci_cp_io_capability_neg_reply cp;
3425 bacpy(&cp.bdaddr, &ev->bdaddr);
3426 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3428 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3433 hci_dev_unlock(hdev);
3436 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3438 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3439 struct hci_conn *conn;
3441 BT_DBG("%s", hdev->name);
3445 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3449 conn->remote_cap = ev->capability;
3450 conn->remote_auth = ev->authentication;
3452 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3455 hci_dev_unlock(hdev);
3458 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3459 struct sk_buff *skb)
3461 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3462 int loc_mitm, rem_mitm, confirm_hint = 0;
3463 struct hci_conn *conn;
3465 BT_DBG("%s", hdev->name);
3469 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3476 loc_mitm = (conn->auth_type & 0x01);
3477 rem_mitm = (conn->remote_auth & 0x01);
3479 /* If we require MITM but the remote device can't provide that
3480 * (it has NoInputNoOutput) then reject the confirmation
3481 * request. The only exception is when we're dedicated bonding
3482 * initiators (connect_cfm_cb set) since then we always have the MITM
3484 if (!conn->connect_cfm_cb && loc_mitm &&
3485 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3486 BT_DBG("Rejecting request: remote device can't provide MITM");
3487 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3488 sizeof(ev->bdaddr), &ev->bdaddr);
3492 /* If no side requires MITM protection; auto-accept */
3493 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3494 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3496 /* If we're not the initiators request authorization to
3497 * proceed from user space (mgmt_user_confirm with
3498 * confirm_hint set to 1). */
3499 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3500 BT_DBG("Confirming auto-accept as acceptor");
3505 BT_DBG("Auto-accept of user confirmation with %ums delay",
3506 hdev->auto_accept_delay);
3508 if (hdev->auto_accept_delay > 0) {
3509 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3510 queue_delayed_work(conn->hdev->workqueue,
3511 &conn->auto_accept_work, delay);
3515 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3516 sizeof(ev->bdaddr), &ev->bdaddr);
3521 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3522 le32_to_cpu(ev->passkey), confirm_hint);
3525 hci_dev_unlock(hdev);
3528 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3529 struct sk_buff *skb)
3531 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3533 BT_DBG("%s", hdev->name);
3535 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3536 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3539 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3540 struct sk_buff *skb)
3542 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3543 struct hci_conn *conn;
3545 BT_DBG("%s", hdev->name);
3547 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3551 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3552 conn->passkey_entered = 0;
3554 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3555 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3556 conn->dst_type, conn->passkey_notify,
3557 conn->passkey_entered);
3560 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3562 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3563 struct hci_conn *conn;
3565 BT_DBG("%s", hdev->name);
3567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3572 case HCI_KEYPRESS_STARTED:
3573 conn->passkey_entered = 0;
3576 case HCI_KEYPRESS_ENTERED:
3577 conn->passkey_entered++;
3580 case HCI_KEYPRESS_ERASED:
3581 conn->passkey_entered--;
3584 case HCI_KEYPRESS_CLEARED:
3585 conn->passkey_entered = 0;
3588 case HCI_KEYPRESS_COMPLETED:
3592 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3593 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3594 conn->dst_type, conn->passkey_notify,
3595 conn->passkey_entered);
3598 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3599 struct sk_buff *skb)
3601 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3602 struct hci_conn *conn;
3604 BT_DBG("%s", hdev->name);
3608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3612 /* To avoid duplicate auth_failed events to user space we check
3613 * the HCI_CONN_AUTH_PEND flag which will be set if we
3614 * initiated the authentication. A traditional auth_complete
3615 * event gets always produced as initiator and is also mapped to
3616 * the mgmt_auth_failed event */
3617 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3618 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3621 hci_conn_drop(conn);
3624 hci_dev_unlock(hdev);
3627 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3628 struct sk_buff *skb)
3630 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3631 struct inquiry_entry *ie;
3632 struct hci_conn *conn;
3634 BT_DBG("%s", hdev->name);
3638 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3640 memcpy(conn->features[1], ev->features, 8);
3642 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3644 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3646 hci_dev_unlock(hdev);
3649 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3650 struct sk_buff *skb)
3652 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3653 struct oob_data *data;
3655 BT_DBG("%s", hdev->name);
3659 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3662 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3664 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3665 struct hci_cp_remote_oob_ext_data_reply cp;
3667 bacpy(&cp.bdaddr, &ev->bdaddr);
3668 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3669 memcpy(cp.randomizer192, data->randomizer192,
3670 sizeof(cp.randomizer192));
3671 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3672 memcpy(cp.randomizer256, data->randomizer256,
3673 sizeof(cp.randomizer256));
3675 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3678 struct hci_cp_remote_oob_data_reply cp;
3680 bacpy(&cp.bdaddr, &ev->bdaddr);
3681 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3682 memcpy(cp.randomizer, data->randomizer192,
3683 sizeof(cp.randomizer));
3685 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3689 struct hci_cp_remote_oob_data_neg_reply cp;
3691 bacpy(&cp.bdaddr, &ev->bdaddr);
3692 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3697 hci_dev_unlock(hdev);
3700 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3701 struct sk_buff *skb)
3703 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3704 struct hci_conn *hcon, *bredr_hcon;
3706 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3711 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3713 hci_dev_unlock(hdev);
3719 hci_dev_unlock(hdev);
3723 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3725 hcon->state = BT_CONNECTED;
3726 bacpy(&hcon->dst, &bredr_hcon->dst);
3728 hci_conn_hold(hcon);
3729 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3730 hci_conn_drop(hcon);
3732 hci_conn_add_sysfs(hcon);
3734 amp_physical_cfm(bredr_hcon, hcon);
3736 hci_dev_unlock(hdev);
3739 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3741 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3742 struct hci_conn *hcon;
3743 struct hci_chan *hchan;
3744 struct amp_mgr *mgr;
3746 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3747 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3750 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3754 /* Create AMP hchan */
3755 hchan = hci_chan_create(hcon);
3759 hchan->handle = le16_to_cpu(ev->handle);
3761 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3763 mgr = hcon->amp_mgr;
3764 if (mgr && mgr->bredr_chan) {
3765 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3767 l2cap_chan_lock(bredr_chan);
3769 bredr_chan->conn->mtu = hdev->block_mtu;
3770 l2cap_logical_cfm(bredr_chan, hchan, 0);
3771 hci_conn_hold(hcon);
3773 l2cap_chan_unlock(bredr_chan);
3777 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3780 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3781 struct hci_chan *hchan;
3783 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3784 le16_to_cpu(ev->handle), ev->status);
3791 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3795 amp_destroy_logical_link(hchan, ev->reason);
3798 hci_dev_unlock(hdev);
3801 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3802 struct sk_buff *skb)
3804 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3805 struct hci_conn *hcon;
3807 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3814 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3816 hcon->state = BT_CLOSED;
3820 hci_dev_unlock(hdev);
3823 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3825 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3826 struct hci_conn *conn;
3827 struct smp_irk *irk;
3829 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3833 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3835 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3837 BT_ERR("No memory for new connection");
3841 conn->dst_type = ev->bdaddr_type;
3843 /* The advertising parameters for own address type
3844 * define which source address and source address
3845 * type this connections has.
3847 if (bacmp(&conn->src, BDADDR_ANY)) {
3848 conn->src_type = ADDR_LE_DEV_PUBLIC;
3850 bacpy(&conn->src, &hdev->static_addr);
3851 conn->src_type = ADDR_LE_DEV_RANDOM;
3854 if (ev->role == LE_CONN_ROLE_MASTER) {
3856 conn->link_mode |= HCI_LM_MASTER;
3859 /* If we didn't have a hci_conn object previously
3860 * but we're in master role this must be something
3861 * initiated using a white list. Since white list based
3862 * connections are not "first class citizens" we don't
3863 * have full tracking of them. Therefore, we go ahead
3864 * with a "best effort" approach of determining the
3865 * initiator address based on the HCI_PRIVACY flag.
3868 conn->resp_addr_type = ev->bdaddr_type;
3869 bacpy(&conn->resp_addr, &ev->bdaddr);
3870 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3871 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3872 bacpy(&conn->init_addr, &hdev->rpa);
3874 hci_copy_identity_address(hdev,
3876 &conn->init_addr_type);
3879 /* Set the responder (our side) address type based on
3880 * the advertising address type.
3882 conn->resp_addr_type = hdev->adv_addr_type;
3883 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3884 bacpy(&conn->resp_addr, &hdev->random_addr);
3886 bacpy(&conn->resp_addr, &hdev->bdaddr);
3888 conn->init_addr_type = ev->bdaddr_type;
3889 bacpy(&conn->init_addr, &ev->bdaddr);
3892 cancel_delayed_work(&conn->le_conn_timeout);
3895 /* Ensure that the hci_conn contains the identity address type
3896 * regardless of which address the connection was made with.
3898 hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
3900 /* Lookup the identity address from the stored connection
3901 * address and address type.
3903 * When establishing connections to an identity address, the
3904 * connection procedure will store the resolvable random
3905 * address first. Now if it can be converted back into the
3906 * identity address, start using the identity address from
3909 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
3911 bacpy(&conn->dst, &irk->bdaddr);
3912 conn->dst_type = irk->addr_type;
3916 hci_le_conn_failed(conn, ev->status);
3920 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3921 mgmt_device_connected(hdev, &conn->dst, conn->type,
3922 conn->dst_type, 0, NULL, 0, NULL);
3924 conn->sec_level = BT_SECURITY_LOW;
3925 conn->handle = __le16_to_cpu(ev->handle);
3926 conn->state = BT_CONNECTED;
3928 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3929 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3931 hci_conn_add_sysfs(conn);
3933 hci_proto_connect_cfm(conn, ev->status);
3935 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3938 hci_dev_unlock(hdev);
3941 /* This function requires the caller holds hdev->lock */
3942 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3945 struct hci_conn *conn;
3946 struct smp_irk *irk;
3948 /* If this is a resolvable address, we should resolve it and then
3949 * update address and address type variables.
3951 irk = hci_get_irk(hdev, addr, addr_type);
3953 addr = &irk->bdaddr;
3954 addr_type = irk->addr_type;
3957 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3960 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3965 switch (PTR_ERR(conn)) {
3967 /* If hci_connect() returns -EBUSY it means there is already
3968 * an LE connection attempt going on. Since controllers don't
3969 * support more than one connection attempt at the time, we
3970 * don't consider this an error case.
3974 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3978 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3980 u8 num_reports = skb->data[0];
3981 void *ptr = &skb->data[1];
3986 while (num_reports--) {
3987 struct hci_ev_le_advertising_info *ev = ptr;
3989 if (ev->evt_type == LE_ADV_IND ||
3990 ev->evt_type == LE_ADV_DIRECT_IND)
3991 check_pending_le_conn(hdev, &ev->bdaddr,
3994 rssi = ev->data[ev->length];
3995 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3996 NULL, rssi, 0, 1, ev->data, ev->length);
3998 ptr += sizeof(*ev) + ev->length + 1;
4001 hci_dev_unlock(hdev);
4004 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4006 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4007 struct hci_cp_le_ltk_reply cp;
4008 struct hci_cp_le_ltk_neg_reply neg;
4009 struct hci_conn *conn;
4010 struct smp_ltk *ltk;
4012 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4016 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4020 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4024 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4025 cp.handle = cpu_to_le16(conn->handle);
4027 if (ltk->authenticated)
4028 conn->pending_sec_level = BT_SECURITY_HIGH;
4030 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4032 conn->enc_key_size = ltk->enc_size;
4034 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4036 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4037 * temporary key used to encrypt a connection following
4038 * pairing. It is used during the Encrypted Session Setup to
4039 * distribute the keys. Later, security can be re-established
4040 * using a distributed LTK.
4042 if (ltk->type == HCI_SMP_STK_SLAVE) {
4043 list_del(<k->list);
4047 hci_dev_unlock(hdev);
4052 neg.handle = ev->handle;
4053 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4054 hci_dev_unlock(hdev);
4057 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4059 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4061 skb_pull(skb, sizeof(*le_ev));
4063 switch (le_ev->subevent) {
4064 case HCI_EV_LE_CONN_COMPLETE:
4065 hci_le_conn_complete_evt(hdev, skb);
4068 case HCI_EV_LE_ADVERTISING_REPORT:
4069 hci_le_adv_report_evt(hdev, skb);
4072 case HCI_EV_LE_LTK_REQ:
4073 hci_le_ltk_request_evt(hdev, skb);
4081 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4083 struct hci_ev_channel_selected *ev = (void *) skb->data;
4084 struct hci_conn *hcon;
4086 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4088 skb_pull(skb, sizeof(*ev));
4090 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4094 amp_read_loc_assoc_final_data(hdev, hcon);
4097 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4099 struct hci_event_hdr *hdr = (void *) skb->data;
4100 __u8 event = hdr->evt;
4104 /* Received events are (currently) only needed when a request is
4105 * ongoing so avoid unnecessary memory allocation.
4107 if (hdev->req_status == HCI_REQ_PEND) {
4108 kfree_skb(hdev->recv_evt);
4109 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4112 hci_dev_unlock(hdev);
4114 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4116 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4117 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4118 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4120 hci_req_cmd_complete(hdev, opcode, 0);
4124 case HCI_EV_INQUIRY_COMPLETE:
4125 hci_inquiry_complete_evt(hdev, skb);
4128 case HCI_EV_INQUIRY_RESULT:
4129 hci_inquiry_result_evt(hdev, skb);
4132 case HCI_EV_CONN_COMPLETE:
4133 hci_conn_complete_evt(hdev, skb);
4136 case HCI_EV_CONN_REQUEST:
4137 hci_conn_request_evt(hdev, skb);
4140 case HCI_EV_DISCONN_COMPLETE:
4141 hci_disconn_complete_evt(hdev, skb);
4144 case HCI_EV_AUTH_COMPLETE:
4145 hci_auth_complete_evt(hdev, skb);
4148 case HCI_EV_REMOTE_NAME:
4149 hci_remote_name_evt(hdev, skb);
4152 case HCI_EV_ENCRYPT_CHANGE:
4153 hci_encrypt_change_evt(hdev, skb);
4156 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4157 hci_change_link_key_complete_evt(hdev, skb);
4160 case HCI_EV_REMOTE_FEATURES:
4161 hci_remote_features_evt(hdev, skb);
4164 case HCI_EV_CMD_COMPLETE:
4165 hci_cmd_complete_evt(hdev, skb);
4168 case HCI_EV_CMD_STATUS:
4169 hci_cmd_status_evt(hdev, skb);
4172 case HCI_EV_ROLE_CHANGE:
4173 hci_role_change_evt(hdev, skb);
4176 case HCI_EV_NUM_COMP_PKTS:
4177 hci_num_comp_pkts_evt(hdev, skb);
4180 case HCI_EV_MODE_CHANGE:
4181 hci_mode_change_evt(hdev, skb);
4184 case HCI_EV_PIN_CODE_REQ:
4185 hci_pin_code_request_evt(hdev, skb);
4188 case HCI_EV_LINK_KEY_REQ:
4189 hci_link_key_request_evt(hdev, skb);
4192 case HCI_EV_LINK_KEY_NOTIFY:
4193 hci_link_key_notify_evt(hdev, skb);
4196 case HCI_EV_CLOCK_OFFSET:
4197 hci_clock_offset_evt(hdev, skb);
4200 case HCI_EV_PKT_TYPE_CHANGE:
4201 hci_pkt_type_change_evt(hdev, skb);
4204 case HCI_EV_PSCAN_REP_MODE:
4205 hci_pscan_rep_mode_evt(hdev, skb);
4208 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4209 hci_inquiry_result_with_rssi_evt(hdev, skb);
4212 case HCI_EV_REMOTE_EXT_FEATURES:
4213 hci_remote_ext_features_evt(hdev, skb);
4216 case HCI_EV_SYNC_CONN_COMPLETE:
4217 hci_sync_conn_complete_evt(hdev, skb);
4220 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4221 hci_extended_inquiry_result_evt(hdev, skb);
4224 case HCI_EV_KEY_REFRESH_COMPLETE:
4225 hci_key_refresh_complete_evt(hdev, skb);
4228 case HCI_EV_IO_CAPA_REQUEST:
4229 hci_io_capa_request_evt(hdev, skb);
4232 case HCI_EV_IO_CAPA_REPLY:
4233 hci_io_capa_reply_evt(hdev, skb);
4236 case HCI_EV_USER_CONFIRM_REQUEST:
4237 hci_user_confirm_request_evt(hdev, skb);
4240 case HCI_EV_USER_PASSKEY_REQUEST:
4241 hci_user_passkey_request_evt(hdev, skb);
4244 case HCI_EV_USER_PASSKEY_NOTIFY:
4245 hci_user_passkey_notify_evt(hdev, skb);
4248 case HCI_EV_KEYPRESS_NOTIFY:
4249 hci_keypress_notify_evt(hdev, skb);
4252 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4253 hci_simple_pair_complete_evt(hdev, skb);
4256 case HCI_EV_REMOTE_HOST_FEATURES:
4257 hci_remote_host_features_evt(hdev, skb);
4260 case HCI_EV_LE_META:
4261 hci_le_meta_evt(hdev, skb);
4264 case HCI_EV_CHANNEL_SELECTED:
4265 hci_chan_selected_evt(hdev, skb);
4268 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4269 hci_remote_oob_data_request_evt(hdev, skb);
4272 case HCI_EV_PHY_LINK_COMPLETE:
4273 hci_phy_link_complete_evt(hdev, skb);
4276 case HCI_EV_LOGICAL_LINK_COMPLETE:
4277 hci_loglink_complete_evt(hdev, skb);
4280 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4281 hci_disconn_loglink_complete_evt(hdev, skb);
4284 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4285 hci_disconn_phylink_complete_evt(hdev, skb);
4288 case HCI_EV_NUM_COMP_BLOCKS:
4289 hci_num_comp_blocks_evt(hdev, skb);
4293 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4298 hdev->stat.evt_rx++;
projects / karo-tx-linux.git / blob